
Old Forums (READ-ONLY): The community now lives at WP Sharks™. If you have an s2Member® Pro question, please use our new Support System.

Blind SQL Exploit?


This topic contains 1 reply, has 2 voices. Last updated by  Cristián Lávaque 4 years, 1 month ago.

Posted: Saturday Nov 17th, 2012 at 4:41 am #31868
Chris MB
Username: chrismb

Hi,

I’ve run a thorough scan for exploits and vulnerabilities to my site via Detectify.com.

It has come back with a “Blind SQL Exploit” with S2Member that it rates as a 9.3/10 in terms of seriousness.

It states:

Description:

Could be abused to either extract specific data, possibly execute operating-system commands, read/write local files, or to put the server in a Denial-of-Service condition.

URL:

http://redacted.com/membership/?_s2member_seekingtype=ruri&_s2member_seekingruri=L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==&_s2member_seeking_uri=L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==’OR(IF((@DTFYB02D65373A25/*!IS*/NULL),SELECT(@DTFYB02D65373A25:=BENCHMARK(22000000,SHA1(0xDE7EC71F1)))),0))OR’&_s2member_req[type]=level&_s2member_req[level]=0&_s2member_res[type]=ruri&s2member_seeking=ruri-L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==&s2member_level_req=0

I’ve obviously redacted my domain name.

Now, I have no idea whether this is the case or just a false positive, but I’d be very grateful if someone could look into this.

Thanks

List Of Topic Replies

Posted: Sunday Nov 18th, 2012 at 7:52 am #31919

Hi Chris.

Those variables aren’t used by s2Member at all, so that code wouldn’t get executed. They are there for the site owner to use if he wants to. You can read about them here: Dashboard -› s2Member® -› API / Scripting -› Membership Options Page Variables (MOP Vars)

I hope that helps. :)


This topic is closed to new replies. Topics with no replies for 2 weeks are closed automatically.
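
For a site owner who does read these variables in custom code, here is an added example (not part of the thread and not s2Member code) of treating `_s2member_seeking_uri` as untrusted input before using it. The helper name `mop_seeking_path`, the length limit and the allowed-character set are assumptions made for illustration.

```php
<?php
// Added example, not s2Member code. mop_seeking_path() is a hypothetical helper.

/**
 * Decode a base64-encoded MOP "seeking URI" value and return it only if it is
 * a plain site-relative path. Returns null for anything else.
 */
function mop_seeking_path($raw): ?string
{
    // Reject arrays (?_s2member_seeking_uri[]=x), empty and oversized values.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2048) {
        return null;
    }

    // Strict mode returns false on characters outside the base64 alphabet
    // (a quote, parentheses), so a value with SQL appended never decodes.
    $decoded = base64_decode($raw, true);
    if ($decoded === false || $decoded === '') {
        return null;
    }

    // Accept only a site-relative path: one leading slash (not "//"), then a
    // conservative set of URL path characters. \z forbids a trailing newline.
    if (!preg_match('#^/(?!/)[A-Za-z0-9\-._~%/]*\z#', $decoded)) {
        return null;
    }

    return $decoded;
}

// Constructed samples: the untampered value from the post, the same value
// with a placeholder tail appended after the padding, and an array value.
$valid    = 'L2dyb3Vwcy9nZW5lcmFsLWRpc2N1c3Npb25zLw==';
$tampered = $valid . "'OR(...)OR'";

var_dump(mop_seeking_path($valid));     // decoded site-relative path
var_dump(mop_seeking_path($tampered));  // NULL
var_dump(mop_seeking_path(['x']));      // NULL

// In a template the input would come from the request, for example:
// $path = mop_seeking_path($_GET['_s2member_seeking_uri'] ?? null);
```

If the returned path is ever used in a database query, pass it as a `%s` argument to `$wpdb->prepare()` rather than concatenating it into the SQL string.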
